Lucene search
K

18 matches found

Vulnrichment
Vulnrichment
added 2025/10/14 4:56 p.m.2 views

CVE-2025-37135 Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI)

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/10 12:0 a.m.1 views

WordPress NinjaScanner plugin file path validation deficiency vulnerability

WordPress NinjaScanner plugin is a lightweight, fast and powerful virus scanning plugin designed for WordPress to detect malware and viruses in websites. WordPress NinjaScanner plugin suffers from an insufficient file path validation vulnerability that can be exploited by an attacker to cause...

7.2CVSS7AI score0.00507EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.5 views

WordPress plugin Ajax Load More 安全漏洞

WordPress Ajax Load More plugin is an open source plugin , mainly used to achieve infinite scrolling of website content and lazy loading function , optimize the user experience through AJAX technology . WordPress Ajax Load More plugin has an authorization issue vulnerability, the vulnerability...

8.8CVSS6.9AI score0.00984EPSS
Exploits1References3
OSV
OSV
added 2025/05/30 8:15 p.m.6 views

CVE-2025-2503

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user...

7.1CVSS5.9AI score0.00111EPSS
Exploits0References1
NVD
NVD
added 2024/05/02 2:15 p.m.26 views

CVE-2023-37244

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

7CVSS5.2AI score0.00233EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/02 1:21 p.m.28 views

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS5.5AI score0.00233EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/02 1:21 p.m.26 views

CVE-2023-37244 Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into...

5.3CVSS6.8AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2024/05/02 1:21 p.m.89 views

CVE-2023-37244

The CVE-2023-37244 entry concerns AutomationManager.AgentService.exe and describes a TOCTOU race condition that lets standard users create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp. This could enable an attacker to manipulate the process into performing arbitra...

7CVSS6.7AI score0.00233EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.63 views

Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization

Description The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to arbitrary file deletions and PHAR deserialization in version up to, and including 3.19.0. This is due to the plugin not providing sufficient path validation on the 'tmpname' parameter...

8.5CVSS7.4AI score0.00715EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/02/16 9:7 a.m.48 views

CVE-2023-0862

The CVE-2023-0862 entry describes a path-traversal vulnerability in NetModule NSRW web administration interface. Affected NSRW versions: 4.3.0.0 before 4.3.0.119, 4.4.0.0 before 4.4.0.118, 4.6.0.0 before 4.6.0.105, and 4.7.0.0 before 4.7.0.103. Attackers could upload malicious files to the web ro...

8.8CVSS7.5AI score0.02353EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/09/30 6:15 p.m.23 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.1CVSS0.01332EPSS
Exploits1References1
OSV
OSV
added 2022/09/30 6:15 p.m.25 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.1CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2022/09/30 6:15 p.m.22 views

Directory traversal

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

5.5CVSS8AI score0.01332EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/09/30 5:5 p.m.29 views

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

8.3AI score0.01332EPSS
Exploits1References1
CVE
CVE
added 2022/09/30 5:5 p.m.65 views

CVE-2021-33354

The CVE-2021-33354 issue affects htmly prior to 2.8.1 and is a Directory Traversal vulnerability that allows remote attackers to delete arbitrary files via a modified file parameter. The root cause is improper validation of the file parameter, enabling access to files outside the intended directo...

8.1CVSS8AI score0.01332EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2022/06/13 1:15 p.m.34 views

CVE-2022-1777

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

8.8CVSS0.01263EPSS
Exploits2References1
Huntr
Huntr
added 2022/06/02 2:36 p.m.22 views

Path traversal leads to arbitrary file deletions and file writes

Description Deploy and run gogs in Windows. Proof of Concept 1.Create a repository in Gogs, upload a file named test to the repository on the web page, The content of the file is as follows: xml 1111 2.The attacker can remove any files. http request: POST...

6.4CVSS0.3AI score0.02251EPSS
Exploits1
CNVD
CNVD
added 2021/02/22 12:0 a.m.11 views

McAfee Total Protection Elevation of Privilege Vulnerability (CNVD-2021-12082)

McAfee Total Protection MTP is a one-stop security suite. An elevation of privilege vulnerability exists in McAfee Total Protection prior to version 16.0.30. A local attacker can exploit this vulnerability to elevate privileges and perform arbitrary file deletions with SYSTEM user privileges, whi...

7.8CVSS6.8AI score0.00654EPSS
Exploits0References1
Rows per page
Query Builder